On Thu, Mar 30, 2023 at 8:34 PM Douglas Foster < dougfoster.emailstanda...@gmail.com> wrote:
> The world has changed. Insecure mailing lists did not matter in the days > before email became a weapon. > A comparison was made to the global deployment of HTTPS to replace HTTP. There have been other examples in my career, like replacing rsh and telnet with ssh. In those instances as well, the world had changed. There appears to be a claim that DMARC is another instance of the same kind of evolution and it ought to be embraced. The problem, I believe, is that there is not clear consensus that the community wants this, because the benefits are not strictly incremental. When you change the URI scheme you're using from "http" to "https", there's some complexity introduced in the implementations, but your experience as a consumer is largely the same yet is secured against snooping or tampering in transit. It's a clear win. The same is true of moving to ssh. But when you deploy DMARC and force lists to change the way they work, the experience is altered in a way users perceive as a degradation. We're taking something significant away, and the benefit is not perceived to be worthwhile. For the kind of progress you want to see, that's what you need to overcome. Simply telling users to suck it up seems to me a dubious strategy. -MSK, participating
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
